Analysis
Category: FILE
Started On: 2014-07-17 11:48:05
Completed On: 2014-07-17 11:50:04
Duration: 119 seconds
Cuckoo Version: 1.2-dev

Machine
Machine: machine4
Label: xpmachine4
Manager: VirtualBox
Started On: 2014-07-17 11:48:06
Shutdown On: 2014-07-17 11:50:03

File Details

File name order_report_8723894723894789237948.exe
File size 67846 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 F7CB788B
MD5 54de4793344357b2bf594fa16103baf6
SHA1 4083da7ae635d68c6f2ff47cb1b142ab6c48457a
SHA256 cc0ef75d19a26143acec783f72a49b11f40c88e4de1fd1961c12f82497c5398f
SHA512 8a72138921147d2fe732baacfe4722d0d0c311374e9f7627a697038657cc5312f37b2c7f6175084c5f2f9e74bc01d0bc284f7f5535606cc72b8665727aee15c7
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal Scan Date: 2014-07-17 15:45:47
Detection Rate: 13/54

Signatures

File has been identified by at least one AntiVirus on VirusTotal as malicious
Installs itself for autorun at Windows startup

Screenshots

Static Analysis

Version Infos

Sections

Imports

Strings

Dropped Files

Nothing to display.

Network Analysis

Nothing to display.

Behavior Summary

Files
  • C:\WINDOWS\Registration\R000000000007.clb
  • C:\WINDOWS\system32\scrrun.dll
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\order_report_8723894723894789237948.exe
  • C:\WINDOWS\WINHELP.INI
  • C:\
Mutexes
Nothing to display.
Registry Keys
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors
  • HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003_Classes
  • HKEY_LOCAL_MACHINE\Software\Classes
  • \REGISTRY\USER
  • HKEY_LOCAL_MACHINE\Software\Classes\CLSID
  • HKEY_CLASSES_ROOT\Scripting.FileSystemObject
  • HKEY_CLASSES_ROOT\Scripting.FileSystemObject\CLSID
  • CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}
  • CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\TreatAs
  • \CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}
  • \CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocServer32
  • \CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocServerX86
  • \CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\LocalServer32
  • \CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocHandler32
  • \CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocHandlerX86
  • \CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}
  • HKEY_CLASSES_ROOT\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\TreatAs
  • HKEY_CLASSES_ROOT\TypeLib
  • HKEY_CLASSES_ROOT\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}
  • HKEY_CLASSES_ROOT\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}\1.0
  • HKEY_CLASSES_ROOT\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}\1.0\0
  • HKEY_CLASSES_ROOT\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}\1.0\0\win32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\HTML Help
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Disk\Enum
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

Processes

order_report_8723894723894789237948.exe PID: 968, Parent PID: 384

order_report_8723894723894789237948.exe PID: 1004, Parent PID: 968

Volatility

Nothing to display.